NPR logo
Trying To Keep Your Data Safe? You're Probably Doing It Wrong
  • Download
  • <iframe src="https://www.npr.org/player/embed/425502893/425512008" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Trying To Keep Your Data Safe? You're Probably Doing It Wrong

Privacy & Security

Trying To Keep Your Data Safe? You're Probably Doing It Wrong

Trying To Keep Your Data Safe? You're Probably Doing It Wrong
  • Download
  • <iframe src="https://www.npr.org/player/embed/425502893/425512008" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Security experts' and non-experts' top security practices, according to Google's survey. i

Security experts' and non-experts' top security practices, according to Google's survey. Google Online Security Blog hide caption

toggle caption Google Online Security Blog
Security experts' and non-experts' top security practices, according to Google's survey.

Security experts' and non-experts' top security practices, according to Google's survey.

Google Online Security Blog

Long gone are the days when you could pass off all your computer issues to an expert — IT support or the broadband 1-800 number. Today, in this always-connected, mobile world, regular people find themselves in a challenging situation.

On our own, we have to manage security on our devices, patch software and update passwords. And according to a new survey by Google, we're not prioritizing well.

Take a look at your smartphone or laptop. Are you one of those people who keeps hitting "ignore" or "remind me later" when you get that annoying prompt to update software?

I asked some people in Oakland, Calif., who own and rely on smartphones and other devices how they react to those prompts.

" 'Ignore.' Never, 'tell me later,' " says Nolan Darby. When he's trying to read something, those reminders "just pop up. And it interrupts what I'm actually doing. I don't need all those reminders."

Amelia Kirby doesn't care much for the alerts to patch software, either. "My old phone, when I updated it before, I used to lose contacts," she says. "So then I think I got kind of paranoid about doing the updates."

Lisa Handley says she's not the help desk, and patching takes too long. "You don't want to waste the time you have on your computer doing a download," she says.

Donald Mabrey worries sometimes that these notices to update could actually be hackers in disguise.

"I always think about that with anything on these phones these days," he says. "I'm hearing they can turn your phone on, and turn it off, they're looking at you right now, even from your smart TVs."

What The Study Shows

Google is releasing a new study Thursday, looking at how regular, nontechnical people prioritize online security, as compared with the experts. It turns out that a deep rift has formed. Yes, both the experts and the laypeople believe in a strong password. But after that, things fall apart.

Thirty-five percent of experts said that "installing software updates was one of their top security practices," while 2 percent of non-experts see this as a priority, according to the study.

"That's a pretty stark gap," says Gerhard Eschelbeck, chief of cybersecurity for Google.

There's a similarly stark gap when it comes to antivirus — the software that has long been hailed as the all-purpose cleaner, the rubbing alcohol of the Internet. Forty-two percent of the non-­experts surveyed say products like McAfee and Norton are key. But among the experts like Eschelbeck, just 7 percent agree.

"Antivirus has absolutely its place. But it's not like the only one solution that people can and should rely upon," Eschelbeck says.

That's especially true because antivirus doesn't block the new generation of hacks and targeted attacks. Some security experts even say "antivirus is dead" — though Eschelbeck thinks that's an overstatement.

Fighting The Password Battle

And when it comes to passwords — making strong ones and remembering them — he says there's another gap.

"Well, the sticky note certainly hasn't worked in the past," he says. "And usually you never find the sheet of paper when you need it."

About three-quarters of experts surveyed use a password manager. It's a tool that makes up crazy-complicated, 36-digit passwords for any site you want, and then stores each unique one in a central vault.

This might sound like a bad idea. And, irony of ironies, the popular service LastPass announced in June that it got hacked. (I use it and had to spend an entire evening changing all my passwords.)

Still, Eschelbeck insists, "the password manager clearly is the least amount of risk compared to the alternatives that you have available."

Online security is not intuitive. It can even be counterintuitive. (Why would you put all your passwords in one place? "Target" is written all over it.)

Eschelbeck says experts have to get better at communicating basic defense to the non-experts, who need it.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.